'Flash Freeze' postmortem: Protecting markets from hackers

Nasdaq officials say a "connectivity" problem was what shut down trading for three hours Thursday, but some cybersecurity experts are concerned that hackers may see an opportunity to attack the markets.

"This draws attention to a system that we know," said Alex McGeorge, a senior security researcher at Immunity Inc. "Even if this wasn't a malicious attack, this has some redundancy issues—meaning it is probably ripe for having some other types of security vulnerabilities."

The stock exchanges could implement a few key changes to enhance security, he said.

The Securities and Exchange Commission is working on new regulations for market technology. Only voluntary standards—some dating back to the 1980s—are in place now.

"Those standards reflect the time in which they were written. ... I think there needs to be an update, especially to address what we know about computer security, how we know attackers operate today," McGeorge said.

The exchanges have pushed back against regulation. But after the "Flash Freeze" on Thursday, Nasdaq CEO Robert Greifeld seemed more open to the SEC's proposals.

"When you look at the details of the rules, there's always ways to quibble," he told CNBC. "But the pure spirit of the rules are there, and we think we ought to go further on this concept of defensive driving."

McGeorge, who has been working in cybersecurity for the financial industry since 2008, said that the industry must take a broader view of the expense. While cybersecurity can be a big investment, the costs of an attack are far greater.

For example, he said, "the PlayStation network that's delivered by Sony … a very large network, had significant downtime, months, because of a security breach." If the same kind of thing were to happen to the exchanges, "I don't know if the economy could deal with something like this," he added.

According to McGeorge, regulators and stock exchanges can take a few specific measures to increase cybersecurity.

For one, financial networks need to be better segregated. Thousands of people and firms need to access critical systems daily. Each person is a point of vulnerability.

"If I can compromise one of the users of this system, that gives me an avenue to attack the system itself," McGeorge said.

Stock exchanges also need more redundancies, or backups, he said. The Nasdaq glitch occurred when the central system for reporting prices—known as the securities information processor, or SIP—was compromised.

Greifeld told CNBC that the Nasdaq would be open to allowing competitors to set up SIPs of their own. That way if a system goes down, firms would have an alternative source for pricing information.

5 ways to protect markets from hackers

CNBC's Scott Cohn reports that while there is no evidence that hackers caused this week's NASDAQ shutdown, experts are concerned about the cybersecurity of US markets. Hacking America presents five ways to ensure US stock exchanges are more secure.

The SEC should require the financial industry to have third parties test its networks, McGeorge said, adding that he performs such tests for Immunity.

"Anything that's connected to an exchange has to undergo regular, manual third-party assessment," he said. "Nothing scripted or automated, because ... people willing to go through to this length to attack an exchange are going to be doing it manually."
